
Guidance for Building a Secure & Intelligent Search Application on AWS

Overview

This Guidance helps you deploy search functionality powered by Amazon Kendra. For many organizations, critical business information is scattered across multiple content repositories, making it challenging for employees to find, and securely share, the right information. Amazon Kendra enforces access at query time through token-based user access control: the caller presents a user token (for example, a JSON Web Token issued by the identity provider), and Amazon Kendra filters search results against the access control lists (ACLs) stored with each indexed document. Search results return links and a short description that point back to the original document repositories; access to the full documents remains enforced by the access policies of those repositories.
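The following is an added example, not code from this Guidance, that models how the token-derived identity is matched against per-document ACLs. The dictionary shapes mirror the boto3 parameters Amazon Kendra accepts (UserContext on Query, AccessControlList on BatchPutDocument); the evaluation rules in is_visible (a document with no ACL is visible to everyone, a DENY entry overrides an ALLOW entry) are an assumption of this local model, and the token, documents and group names are constructed for the demo. Signature verification is deliberately absent: Kendra verifies the token against the key or JWKS configured in the index's UserTokenConfigurations, so the client never needs to.

```python
"""Local model of Amazon Kendra token-based access control (added example).

Assumptions: no-ACL documents are public, DENY beats ALLOW, and the user
and group claims are read from the JWT the way UserNameAttributeField /
GroupAttributeField would map them.  Sample data is constructed.
"""
import base64
import json
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Principal:
    name: str
    type: str    # "USER" or "GROUP"
    access: str  # "ALLOW" or "DENY"

    def to_kendra(self) -> Dict[str, str]:
        # Entry shape for BatchPutDocument(..., AccessControlList=[...])
        return {"Name": self.name, "Type": self.type, "Access": self.access}


@dataclass
class Document:
    doc_id: str
    uri: str
    acl: List[Principal] = field(default_factory=list)


def _b64url(data: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned token (alg "none") for the demo only; a real
    token is signed by the identity provider and verified by Kendra."""
    return f"{_b64url({'alg': 'none', 'typ': 'JWT'})}.{_b64url(claims)}."


def jwt_claims(token: str) -> dict:
    """Decode the payload segment without verifying the signature."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def query_request(index_id: str, text: str, token: str) -> dict:
    """Query() request that lets Kendra apply the ACL filter from the token."""
    return {"IndexId": index_id, "QueryText": text, "UserContext": {"Token": token}}


def user_context_from_claims(claims: dict, user_attr: str = "sub",
                             group_attr: str = "groups") -> dict:
    """Equivalent explicit UserContext (UserId/Groups) built from the claims."""
    return {"UserId": claims[user_attr], "Groups": list(claims.get(group_attr, []))}


def is_visible(doc: Document, user_id: str, groups: List[str]) -> bool:
    """Model of ACL evaluation: public if no ACL; otherwise the user or one
    of their groups must match an ALLOW entry and must not match a DENY."""
    if not doc.acl:
        return True
    mine = {("USER", user_id)} | {("GROUP", g) for g in groups}
    denied = any((p.type, p.name) in mine for p in doc.acl if p.access == "DENY")
    allowed = any((p.type, p.name) in mine for p in doc.acl if p.access == "ALLOW")
    return allowed and not denied


def filter_results(docs: List[Document], user_context: dict) -> List[str]:
    """Return the URIs this caller is allowed to see, in index order."""
    uid = user_context["UserId"]
    groups = user_context.get("Groups", [])
    return [d.uri for d in docs if is_visible(d, uid, groups)]


# Constructed sample corpus: one public document, two ACL-protected ones.
SAMPLE_DOCS = [
    Document("public-faq", "s3://docs/faq.pdf"),
    Document("finance-q3", "s3://docs/finance/q3.pdf",
             [Principal("finance", "GROUP", "ALLOW")]),
    Document("hr-salaries", "s3://docs/hr/salaries.xlsx",
             [Principal("hr", "GROUP", "ALLOW"), Principal("alice", "USER", "DENY")]),
]

if __name__ == "__main__":
    token = make_unsigned_jwt({"sub": "alice", "groups": ["finance", "hr"]})
    ctx = user_context_from_claims(jwt_claims(token))
    print(query_request("example-index-id", "q3 revenue", token)["UserContext"].keys())
    print("alice sees:", filter_results(SAMPLE_DOCS, ctx))
```

Alice is in both groups but is explicitly denied on the HR spreadsheet, so she sees only the public FAQ and the finance document; the point to take away is that the filtering happens inside Kendra on the caller's token, not in the client, and that the link Kendra returns still resolves against the source repository's own permissions.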

How it works

These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

Amazon Kendra uses Amazon CloudWatch Logs to give insight into the operation of data sources. Amazon Kendra logs processing details for documents as they are indexed, including errors raised by a data source while its documents are being crawled and indexed. CloudWatch Logs can be used to monitor, store, and access these log files. CloudWatch Logs Insights can query them directly, and CloudWatch anomaly detection can continuously analyze the associated system and application metrics, establish normal baselines, and surface anomalies with minimal user intervention.
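As an added example (not part of this Guidance), the script below runs the kind of triage an operator would want over data source sync logs: it parses JSON events, summarises errors per data source, and flags a source whose error rate jumps above its baseline or that starts reporting access errors, which is the signal that crawler credentials or repository permissions changed. The log lines are constructed, and the field names (LogLevel, DataSourceId, DocumentId, ErrorCode, ErrorMessage) are assumed to resemble what Kendra writes; check them against the events in your own /aws/kendra log group before relying on the query.

```python
"""Triage of Amazon Kendra data source sync logs (added example).

Field names and sample lines are constructed; the anomaly rule is a
plain baseline comparison standing in for CloudWatch anomaly detection.
"""
import json
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample events, one JSON object per line, plus one malformed line.
SAMPLE_LOG_LINES = [
    '{"LogLevel":"INFO","DataSourceId":"ds-s3-docs","DocumentId":"s3://docs/faq.pdf","Message":"Document indexed"}',
    '{"LogLevel":"INFO","DataSourceId":"ds-s3-docs","DocumentId":"s3://docs/policy.pdf","Message":"Document indexed"}',
    '{"LogLevel":"ERROR","DataSourceId":"ds-s3-docs","DocumentId":"s3://docs/big.pdf","ErrorCode":"DocumentTooLarge","ErrorMessage":"Document exceeds size limit"}',
    '{"LogLevel":"INFO","DataSourceId":"ds-share","DocumentId":"share://hr/a.docx","Message":"Document indexed"}',
    '{"LogLevel":"ERROR","DataSourceId":"ds-share","DocumentId":"share://hr/b.docx","ErrorCode":"AccessDenied","ErrorMessage":"Crawler credentials rejected"}',
    '{"LogLevel":"ERROR","DataSourceId":"ds-share","DocumentId":"share://hr/c.docx","ErrorCode":"AccessDenied","ErrorMessage":"Crawler credentials rejected"}',
    "not json at all",
]

# Equivalent CloudWatch Logs Insights query (same assumed field names).
LOGS_INSIGHTS_QUERY = (
    "fields @timestamp, DataSourceId, DocumentId, ErrorCode, ErrorMessage "
    '| filter LogLevel = "ERROR" '
    "| stats count() by DataSourceId, ErrorCode"
)

ACCESS_ERROR_CODES = {"AccessDenied", "Unauthorized", "Forbidden"}  # assumed names


def parse_events(lines: List[str]) -> List[dict]:
    """Parse JSON events, silently skipping lines that are not JSON objects."""
    events = []
    for line in lines:
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict) and "DataSourceId" in obj:
            events.append(obj)
    return events


def error_summary(events: List[dict]) -> Dict[str, dict]:
    """Per data source: documents seen, errors, error rate, error codes."""
    docs = Counter()
    errors = Counter()
    codes = defaultdict(Counter)
    for ev in events:
        ds = ev["DataSourceId"]
        docs[ds] += 1
        if ev.get("LogLevel") == "ERROR":
            errors[ds] += 1
            codes[ds][ev.get("ErrorCode", "Unknown")] += 1
    return {
        ds: {
            "documents": docs[ds],
            "errors": errors[ds],
            "error_rate": errors[ds] / docs[ds],
            "error_codes": dict(codes[ds]),
        }
        for ds in sorted(docs)
    }


def flag_anomalies(summary: Dict[str, dict], baseline_rate: float,
                   factor: float = 3.0) -> Dict[str, List[str]]:
    """Flag sources whose error rate exceeds factor * baseline, and any
    source reporting access errors regardless of volume."""
    flags: Dict[str, List[str]] = {}
    threshold = baseline_rate * factor
    for ds in sorted(summary):
        reasons = []
        if summary[ds]["error_rate"] > threshold:
            reasons.append("error_rate_above_baseline")
        if ACCESS_ERROR_CODES & set(summary[ds]["error_codes"]):
            reasons.append("access_errors")
        if reasons:
            flags[ds] = reasons
    return flags


if __name__ == "__main__":
    summary = error_summary(parse_events(SAMPLE_LOG_LINES))
    print(json.dumps(summary, indent=2))
    print(flag_anomalies(summary, baseline_rate=0.05))
```

A burst of access errors from one data source is worth an alarm even when the overall error rate looks fine, because it usually means the crawler identity lost permission, and documents will quietly disappear from (or fail to update in) the index.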

Read the Operational Excellence whitepaper 

Amazon Cognito helps manage, authenticate, and authorize web application end users. This architecture uses an Amazon Cognito identity pool to issue the web application temporary AWS credentials for an IAM role that allows only the Amazon Kendra and Amazon S3 actions the application needs; the web application is not allowed to access any other services. Additionally, this architecture uses AWS CloudFormation templates to deploy resources to the AWS Cloud. These templates reduce the risk of human error associated with manual configuration or management.
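The following added example (not code from this Guidance or its CloudFormation templates) shows what "only Amazon Kendra and Amazon S3" looks like as an IAM policy for the identity pool's authenticated role, next to the over-permissive shape to avoid, and a small lint that a deployment pipeline could run against the template's rendered policies. The index ARN, bucket name, identity pool ID and the allowed-service set are placeholders; the trust policy uses the standard cognito-identity.amazonaws.com:aud and :amr condition keys.

```python
"""Least-privilege check for the Cognito authenticated role (added example).

Placeholders: INDEX_ARN, BUCKET, IDENTITY_POOL_ID.  The lint flags
wildcard actions, wildcard resources, grants by exclusion, and any
service outside the set the application is meant to call.
"""
from typing import Dict, List, Set

INDEX_ARN = "arn:aws:kendra:us-east-1:123456789012:index/example-index-id"
BUCKET = "example-search-ui-bucket"
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"

PERMISSIVE_POLICY = {  # the shape to avoid: any action on any resource
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

SCOPED_POLICY = {  # only the query path and the UI bucket
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["kendra:Query", "kendra:SubmitFeedback"],
         "Resource": INDEX_ARN},
        {"Effect": "Allow",
         "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    ],
}


def trust_policy(identity_pool_id: str) -> dict:
    """Only Cognito, only this pool, and only authenticated identities."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "cognito-identity.amazonaws.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {"cognito-identity.amazonaws.com:aud": identity_pool_id},
                "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
            },
        }],
    }


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def lint_policy(policy: dict, allowed_services: Set[str] = frozenset({"kendra", "s3"})) -> List[str]:
    """Return human-readable findings; an empty list means the policy passes."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
        for action in _as_list(st.get("Action", [])):
            service, _, verb = action.partition(":")
            if action == "*" or verb in ("", "*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif service not in allowed_services:
                findings.append(f"statement {i}: action {action!r} outside {sorted(allowed_services)}")
        for res in _as_list(st.get("Resource", [])):
            if res == "*":
                findings.append(f"statement {i}: resource '*'")
    return findings


def lint_trust_policy(tp: dict, identity_pool_id: str) -> List[str]:
    """Check that only authenticated identities of the expected pool can assume the role."""
    findings = []
    for i, st in enumerate(tp["Statement"]):
        cond = st.get("Condition", {})
        aud = cond.get("StringEquals", {}).get("cognito-identity.amazonaws.com:aud")
        if aud != identity_pool_id:
            findings.append(f"statement {i}: aud condition missing or names another pool")
        amr = cond.get("ForAnyValue:StringLike", {}).get("cognito-identity.amazonaws.com:amr")
        if amr != "authenticated":
            findings.append(f"statement {i}: unauthenticated identities could assume the role")
    return findings


if __name__ == "__main__":
    print("permissive:", lint_policy(PERMISSIVE_POLICY))
    print("scoped:", lint_policy(SCOPED_POLICY))
    print("trust:", lint_trust_policy(trust_policy(IDENTITY_POOL_ID), IDENTITY_POOL_ID))
```

Two details matter in practice: the resource on the Kendra statement is the index ARN, so a compromised browser session cannot query another index in the account, and the trust policy's amr condition keeps the identity pool's unauthenticated role (if one exists) from ever reaching this policy.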

Read the Security whitepaper 

The enterprise version of an Amazon Kendra index by default is highly available within a Region. When you start with Amazon Kendra Enterprise Edition, you get a base capacity of 100,000 searchable documents and up to 8,000 queries per day.

Read the Reliability whitepaper 

Amazon CloudFront reduces latency when delivering web applications. During deployment of this architecture, you should make sure that all the services (e.g., Amazon Kendra, Amazon Cognito, CloudFront) required for the architecture are available in your chosen Region for deployment. 

Read the Performance Efficiency whitepaper 

This architecture uses AWS Amplify, which hosts the front-end and back-end services of the web application on serverless technologies. Amplify scales up with high volumes of users and scales back down as user volumes decrease, helping to manage costs.

Read the Cost Optimization whitepaper 

Web applications hosted by Amplify scale based on user demand of the web application, helping ensure the most efficient use of energy resources.

Read the Sustainability whitepaper 

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.